Answer the question
In order to leave comments, you need to log in
L
L
Leonid2020-05-15 11:39:13
Leonid, 2020-05-15 11:39:13
How is CORS bypassed?
There is a .NET server with CORS enabled. there are no problems with webapi, but there are files with the ashx extension.
At the same time, Postman somehow works with them. The html player tag works the same way.
The problem is that you need to send the authorization bearer header. and now if you try to access the file with javascript, it gives out no access via CORS
Actually the question is - what's the difference? how do postman and tag bypass cors? after all, this is the same http protocol
, what is the general feature of files with this extension that they respond differently than regular webapi
2 answer(s)
@Rsa97
@inoise
R
Rsa97, 2020-05-15 @Rsa97
Postman is a development tool, a browser extension. It intercepts the response before it's even parsed by the browser and ignores the CORS policy.
For AJAX, the request is parsed by the browser, which blocks cross-domain requests if permissions for the necessary methods, domains, etc. were not previously returned by the OPTION request.
I
Ivan Shumov, 2020-05-15 @inoise
If there is a problem with CORS, then there are only 2 options - do your own back or do http reverse proxy
Similar questions
K
T
trek892018-04-01 09:51:21
Why does react component show up in firefox but not show up in chrome?
1Reply
T
E
E
Didn't find what you were looking for?
Ask your questionAsk a Question
731 491 924 answers to any question